<?php
	include 'connectDB.php';	
	class login
	{
		private function secureVars($var)
		{
			$var=htmlspecialchars($var);
			$var=mysql_real_escape_string($var);
			return $var;
		}
		
		public function log($email,$password)
		{
			$email=$this->secureVars($email);
			$password=$this->secureVars($password);
			$password=md5($password)."qlqlql";
			$password=md5($password);
			$sql=mysql_query("SELECT id FROM users WHERE email LIKE '".$email."' AND password LIKE '".$password."'  ") or die (mysql_error());
			if (mysql_num_rows($sql)>0)
			{
				$_SESSION['logged']=mysql_result($sql, 0);
				$sql=mysql_query("SELECT firstName, accountBalance FROM users WHERE id={$_SESSION['logged']}");
				$sql=mysql_fetch_array($sql);
				$_SESSION['name']=$sql[0];
				$_SESSION['bal']=$sql[1];
				header ("Location: index.php");
			}
			else
			{
				return "Wrong username or password";
			}
		}
	}
	
	$object=new login();
	echo $object->log($_POST['email'],$_POST['password']);
	
?>